Scaling API-first – The story of a global engineering organization
Building e commerce online-chapter_19
1. 19
CHAPTER
Part 7: Application Development
BUILDING E-COMMERCE
APPLICATIONS AND
INFRASTRUCTURE
Learning Objectives
Upon completion of this chapter, you will be
Content able to:
Helping Customers Navigate the Web Site 1. Discuss the major steps in developing an EC
and Increase Sales at Campmor application.
19.1 Major E-Commerce Applications 2. Describe the major EC applications and list
and Their Functionalities their major functionalities.
19.2 A Five-Step Approach to Developing 3. List the major EC application development
an E-Commerce Landscape options along with their benefits and limitations.
19.3 Development Options for E-Commerce 4. Discuss various EC application outsourcing
Applications options, including application service
19.4 Criteria for Selecting a Development providers (ASPs), software as a service (SaaS),
Approach and utility computing.
19.5 E-Commerce Software Packages 5. Discuss the major EC software packages and EC
and Suites application suites.
19.6 Connecting to Databases and Other 6. Describe various methods for connecting an EC
Enterprise Systems application to back-end systems and databases.
19.7 Vendor and Software Selection 7. Discuss the value and technical foundation of
Web Services and their evolution into second-
19.8 Usage Analysis and Site Management generation tools in EC applications.
Managerial Issues 8. Understand service-oriented architecture
Real-World Case: Molding a New Vision for (SOA) and virtualization and their relationship
E-Commerce at D-M-E to EC application development.
9. Describe the criteria used in selecting an
outsourcing vendor and package.
10. Understand the value and uses of EC
application log files.
11. Discuss the importance of usage analysis
and site management. 19-1
2. EC Application
HELPING CUSTOMERS NAVIGATE THE WEB SITE
AND INCREASE SALES AT CAMPMOR
The Problem
Nature enthusiasts no longer have to make a major hike to take advantage of the vast array of camping, fishing, rock-climbing, and
canoeing supplies housed within Campmor’s walls. Since discovering—and then tapping—the possibilities of a well-designed e-commerce
site, the Paramus, New Jersey, retailer has expanded to the four corners of the earth. But doing so was no walk in the park. Having struck
out on its own, Campmor eventually realized it needed a guide or two who were familiar with the daunting wilderness that the Internet
can be. Although an early adopter of e-commerce, Campmor realized that its Web site could be much more effective. The company turned
to its long-time systems integrator, Tachyon Solutions, to use site analytics to redesign the site.
Tachyon tracked a variety of factors associated with the site, such as who visited, how long they stayed, and which visitors were
converted to customers. Tachyon determined that visitors frequently abandoned their carts prior to making a purchase—a clear indicator
they were having trouble finding their way on the site. What was needed, Tachyon determined, was enhanced search capabilities that
could be tied closely with the IBM solutions already in use.
“[Campmor] had invested a lot in their data catalog, but the embedded search in WebSphere didn’t really fully take advantage of it,”
said Tony Frazier, program director of content discovery marketing at IBM, which was the vendor of choice for the site. The Campmor site
uses IBM’s DB2, eServer iSeries, and WebSphere Commerce products. “Information about size, color, etc. was there but not well seen,”
noted Frazier.
The Solution together closely. Tachyon and iPhrase readily split the search-
defining job to enable each partner to focus on its particular
After some consultation, Tachyon and Campmor decided that
area of expertise.
enhanced search capabilities would help customers find things
WebSphere Content Discovery Server also enables Campmor
more quickly and reduce shopping cart abandonment rates. An
to cross-sell related items and to customize the shopping experi-
exhaustive evaluation of a number of search companies brought
ence. A customer searching for tents, for example, can be
Tachyon and Campmor to iPhrase Technologies and its iPhrase
directed to information on products such as sleeping bags,
Onestep solution, which was renamed WebSphere Content
lanterns, or other camping-related equipment.
Discovery Server when iPhrase was acquired by IBM in November
The solution also includes apparel ontology, with synonyms
2005. According to Marian Lewis, CEO of Tachyon, the search
and acronyms for various terms a customer might enter, as well
technology was selected for its robustness and its ability to be
as likely misspellings, which are automatically corrected.
readily linked to IBM’s WebSphere.
Because site visitors can conduct detailed searches in less than
To optimize the search technology for the specific needs
a second, sales have gone up.
of an outdoor gear retailer, iPhrase and Tachyon worked
The Results search-based order increased 15 percent within a year. In
2006, 50 percent of the company’s orders went directly from
Customers can find products quickly using the new search-
the Web to the warehouse without human interaction; only
and-discovery tools, which led to a 35 percent increase in
about 3 percent of orders need to be entered by hand.
online sales in 2005. Today, the Web site generates 70 percent
The initial engagement between Tachyon and iPhrase has
of the company’s revenue.
blossomed into a variety of new opportunities.
Campmor found that the number of orders placed from
searches increased 10 percent and the average size of a Sources: Compiled from McKeefry (2006) and Tachyon Solutions (2007).
WHAT WE CAN LEARN . . .
This case demonstrates that there is more to building an EC application than choosing a development technique and creating content.
Once Campmor initiated its EC application project, it selected an outsourcer to build a custom-made application. Critical to the project
was the need to make the site easily navigable by customers so they can easily purchase products. To achieve this, it was necessary for
the company—an early adopter of e-commerce—to obtain the continued cooperation from the external developer of the EC application.
This case also demonstrates that developing a good EC application often requires an ongoing relationship with a development partner
that offers a diverse set of services. All these issues and a few related ones are the subject of this chapter.
3. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-3
19.1 MAJOR E-COMMERCE APPLICATIONS AND THEIR
FUNCTIONALITIES
Once it has been determined that a business can benefit from an online presence, the business
type, the product line, the business’s organization, and the budget dictate what functionality the
Web site should have and how the Web site should be developed. Companies can choose from a
number of different types of Web sites, including B2C, B2B, exchanges, and the like. Sites of a
particular type (e.g., retailer, provider of business services, manufacturer, distributor/wholesaler,
media, travel/entertainment) usually use the same underlying applications and provide similar
sorts of functionality. Although this simplifies the task of creating the underlying application
architecture, the site requirements must still be considered carefully. Before discussing the best
approach to developing the site, it is useful to consider the major characteristics, functionalities,
and requirements of an EC system. The following discussion focuses on these considerations for
some of the more common EC applications.
B2C STOREFRONTS
An electronic storefront must support the same tasks that a physical store supports. In
particular, an electronic storefront (a seller’s Web site where purchases can be made) needs to
offer certain capabilities to buyers and to the merchant. These are shown in Exhibit 19.1.
In order to provide these capabilities, an electronic storefront should have the following
functions (Nickerson 2002):
◗ A product presentation function provides the customer with information about the product
through the user interface (browser). The information presented can include product
advertisements, detailed product specifications, product views, and sample product
EXHIBIT 19.1 Capabilities Needed by Users
of Electronic Storefronts
Buyers need the ability to: Sellers need the ability to:
• Discover, search for, evaluate, and compare • Provide access to a current catalog of
products for purchase using e-catalogs. product offerings, allowing prospective buyers
• Select products to purchase and negotiate to analyze and evaluate the offerings.
or determine their total price. • Provide an electronic shopping cart in
• Place an order for desired products which buyers can assemble their purchases.
using a shopping cart. • Verify a customer’s credit and approve
• Pay for the ordered products, usually the customer’s purchase.
through some form of credit. • Process orders (back-end services).
• Confirm an order, ensuring that the • Arrange for product delivery.
desired product is available. • Track shipments to ensure that they are
• Track orders once they are shipped. delivered.
• Provide the means for buyers and visitors to
register at the site, to make comments, or to
request additional information.
• Answer customers’ questions or pass queries
and requests to a Web-based call center.
• Analyze purchases in order to customize
buyers’ experiences.
• Provide Web-based post-sale support.
• Create the capability for cross-sell and up-sell.
• Provide language translation if needed.
• Measure and analyze the traffic at the site to
modify and maintain the various applications.
4. 19-4 Part 7: Application Development
presentations. This function can include additional features such as language selection,
product search, and customization for customer preferences.
◗ An order entry function allows a customer to place an order for selected products.
Information about each product ordered is added to the electronic shopping cart, which
is a database of orders in process. This function is linked to the enterprise’s inventory
system in order to check product availability. It also requires access to the enterprise’s
customer database to update and use customer data.
◗ An electronic payment function enables the customer to pay for the order and, thus, com-
plete the transaction. Payment options may include credit card, debit card, COD, check
(before delivery), and invoice (after delivery). Security is very important in the electronic
payment function. The function should provide the necessary security through Secure
Socket Layer (SSL), Secure Electronic Transactions (SET), or some other protocol, and
customers should be apprised of the security provisions.
◗ An order fulfillment function provides for the delivery of the product to the customer. The
delivery can be digital for products such as music, software, and information. This function
is linked to the enterprise’s inventory system so that the inventory database can be updated
when the order is fulfilled.
◗ A customer service function provides assistance to customers who have problems or questions
related to the purchasing process. Options for providing customer service include FAQs,
toll-free telephone numbers, e-mail, and chat rooms.
◗ The product support function provides assistance to the customer after the product has been
received. This support may include initial setup and installation, regular operation,
troubleshooting, return policy, ongoing maintenance, and warranty or nonwarranty repair
or replacement.
For a comparison of various software packages that support the creation of a B2C store-
front, see ecommerce-guide.com/solutions. For more on storefront construction, tools, and
vendors, see Chapter 16 and Section 19.5.
SUPPLIER SELL-SIDE B2B SITES
A sell-side B2B site is similar to a B2C storefront, enabling one business to purchase goods
and services from another. However, a B2B site also has additional features (see Chapter 5),
including:
◗ Personalized catalogs and Web pages for all major buyers
◗ A B2B payment gate
◗ Electronic contract negotiation features
◗ Product configuration by customers (e.g., Cisco or Dell)
◗ Affiliate program capabilities
◗ Business alerts (e.g., to special sales, to news)
E-PROCUREMENT
An e-procurement site is an online intermediary that offers businesses access to hundreds of
parts and services provided by suppliers. E-procurement systems come in several variations, each
with its own specialized capabilities. See more discussion about e-procurement in Chapter 5.
Aggregating Catalogs
In large organizations, multiple buyers are involved in making purchases from a large number
of suppliers. One way to reduce costs and other inefficiencies in the purchase process is to
aggregate the items from approved suppliers into a single online catalog (see Chapter 5).
Some of the specialized requirements for this type of site include:
◗ Search engine for locating items with particular characteristics
◗ Comparison engine for alternative vendors
◗ Ordering mechanism
◗ Budget and authorization feature
5. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-5
◗ Usage comparison (among various departments)
◗ Payment mechanism (e.g., use of a purchasing card)
Aggregated catalogs are used by many large companies and government agencies.
Reverse Auctions and Tendering Systems
In a reverse auction, buyers list the items they wish to purchase, and sellers bid to provide those
items at the lowest price (see Chapter 5). Sites of this sort provide the following capabilities:
◗ Catalog of items to be tendered and their content management
◗ Search engine (if the site has many items)
◗ Personalized pages for potential large bidders
◗ Reverse auction mechanisms, sometimes in real time
◗ Facility to help prepare, issue, manage, and respond to a buyer’s request for quotes (RFQs)
◗ Ability to bid dynamically
◗ Automatic vendor approval and workflow (e.g., SmartMatch’s supplier identification
technology)
◗ Electronic collaboration with trading partners
◗ Standardization of RFQ writing
◗ Site map
◗ Mechanism for selecting suppliers
◗ Automatic matching of suppliers with RFQs
◗ Automatic business process workflow
◗ Ability for bidders to use m-commerce for bidding
◗ Automated language translation
Forward Auctions
Forward auctions enable selling companies to post items they want to sell, and buying com-
panies to compete for the best prices acceptable to the selling companies for those items. In
forward auctions, winning bidders (buyers) are obligated to buy items (see Chapters 5 and 10
and docs.sun.com/source/816–5981–10/auctions/auc_deffwrdaucs.htm). A typical forward
auction consists of the following steps:
1. Both the seller and the buyer complete the online registration process, including providing
shipping points and regulatory and banking information.
2. The seller starts an auction by listing the product, the asking price, and the quantity on
a form.
3. The buyer chooses a bid product and indicates a bid price and quantity. The buyer may
also set the maximum price and bid increments.
4. Sophisticated software determines the auction winner, based on price, volume, and timing.
5. A funds transfer from the bidder takes place immediately.
6. Upon successful funds transfer, a freight company is dispatched to the seller’s location;
the product is loaded and delivered to buyer’s location.
7. The buyer inspects and accepts the product.
8. Funds are released to the seller.
The capabilities of forward auctions can be best viewed at ebay.com.
Exchanges
An exchange is an e-marketplace that connects many buyers with many suppliers (see
Chapter 6). In addition to combining the functionalities of buy-side, e-procurement, and
auction sites, they also have a number of other capabilities:
◗ Collaboration services (including multichannel services)
◗ Community services
6. 19-6 Part 7: Application Development
◗ Web-automated workflow
◗ Integrated business process solutions
◗ Central coordination of global logistics for members, including warehousing and
shipping services
◗ Integration services (systems/process integration into e-marketplace, trading partners,
and service providers)
◗ Data mining, customized analysis and reporting, real-time transactions, trend and customer
behavior tracking
◗ Transaction-flow managers
◗ Negotiation mechanisms
◗ Language translation
◗ Comprehensive links to related resources
These lists of major characteristics and functionalities can be used by application devel-
opers as outlines or checklists from which to develop plans for specific EC applications. For
a listing of software packages that support the various capabilities of B2B sites, see
Business.com (2007).
Portals
A portal is a single Web interface that provides personalized access to information, applica-
tions, business processes, and much more. With portal technology, an organization can lower
development and deployment costs and significantly increase productivity. Using a portal,
information can be aggregated and integrated within a particular working environment,
application, or service, or a single interface can be used to target an individual user’s needs
and interests. Portals help to harmonize content, commerce, and collaboration with business
goals. A list of different types of portals and their capabilities follows:
◗ Line-of-business portals provide easy access to applications that serve a specific area, such
as procurement or human resources.
◗ A corporate intranet portal often acts as a gateway to other portals and Web sites operated
by an organization.
◗ Extranet portals act as an interface between companies, customers, and suppliers, revealing
subsets of information to specific audiences.
◗ Customer service and self-service portals are often seen as subsets of a corporate extranet.
◗ Team or divisional portals are used by groups or communities that want to share specific
content or business functions.
◗ A personal portal is geared to assist individuals who access information and resources.
◗ An enterprise portal is the central portal for an entire organization. It comprises all other
portals deployed.
See Microsoft.com (2007) for more features and capabilities of portals.
Other EC Systems
Several EC systems exist, each with its own set of required capabilities. For example, e-learning
sites may have a student part and an instructor part, each with its own set of requirements.
Collaboration EC sites require several collaboration capabilities and tools.
Section 19.1 ◗ REVIEW QUESTIONS
1. Examine 15 different Web sites and choose your 5 favorites. Are these the kinds of Web
sites that you would choose to visit or use as a template if you had a business? Explain why
or why not.
2. List the major functions of an electronic storefront.
3. Describe some of the major functions required by an aggregating catalog.
4. Describe some of the major functions needed to build a reverse auction.
5. Describe the basic steps of a forward auction.
7. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-7
6. List some of the functional requirements of an online exchange.
7. Name the different types of portals and describe their basic features.
19.2 A FIVE-STEP APPROACH TO DEVELOPING
AN E-COMMERCE LANDSCAPE
A well-developed Web site not only adds to the value of the product or service being offered;
it also enhances the worth of the company. Therefore, it is important that a firm choose the
correct development strategy in order to obtain the greatest return on its investment. The
diversity of e-business models and applications, which vary in size from small stores to global
exchanges, requires a variety of development methodologies and approaches.
For example, small storefronts with a few key components can be developed with
HTML, Java, or another programming language. They also can be implemented with com-
mercial packages, leased from an application service provider (ASP), or purchased from a site
builder. Larger or special EC applications can be developed in-house or outsourced (see the
opening case). Building medium to large applications requires extensive integration with
existing information systems, such as corporate databases, intranets, enterprise resource
planning (ERP), and other application programs. Therefore, although the process of building
EC systems can vary, in many cases, it tends to follow a fairly standard format.
The traditional systems development life cycle (SDLC) systematically leads developers
through six analysis and design stages: problem identification, analysis, logical design, physi-
cal design, implementation, and maintenance. The SDLC is the basis for development of the
majority of traditional business systems (see Whitten and Bentley 2007 for more details on this
approach). However, innovative new software and hardware are enabling a move to a more
streamlined approach to e-commerce development, as discussed in Case 19.1.
Exhibit 19.2 (p. 9) shows the five major steps needed to develop a typical e-commerce
application.
STEP 1: IDENTIFYING, JUSTIFYING, AND PLANNING EC SYSTEMS
EC applications, like all other information systems, are usually built to enable one or more
business processes. Consequently, their planning must be aligned with that of the organiza-
tion’s overall business plan and the specific processes involved. Always remember that
existing processes may need to be restructured to take full advantage of the benefits of the
supporting IT. Furthermore, each application must be carefully analyzed, using different
methods, such as the methodology discussed in the opening case, to ensure that it will have
the needed functionality to meet the requirements of the business processes and the users
and that its benefits will justify its cost (see Chapter 5). Both of these activities may be com-
plex, but they are necessary, especially for systems that require high investment to acquire,
operate, and maintain. The output of this step is a decision to go with a specific application,
with a timetable, budget, and assigned responsibility. This first step is typically performed
in-house (with consultants if needed). All other steps can be completed either in-house or
outsourced.
STEP 2: CREATING AN EC ARCHITECTURE
An EC architecture is a plan for organizing the underlying infrastructure and applications of EC architecture
a site. The plan specifies the following: A plan for organizing the
underlying infrastructure
◗ Information and data required to fulfill the business goals and vision
and applications of a site.
◗ Application modules that will deliver and manage the information and data
◗ Specific hardware and software on which the application modules will run
◗ Necessary security, scalability, and reliability required by the applications
◗ Human resources and procedures for implementing the architecture
Various IT tools and methodologies can be used to support the creation of an application
architecture (e.g., see Kendall and Kendall 2005). Because the creation of an architecture is
an iterative process, collaborative methodologies, such as joint application development
( JAD), are especially useful in identifying and modifying system requirements.
8. 19-8 Part 7: Application Development
CASE 19.1
EC Application
TD BANKNORTH—ONLINE CUSTOMER SERVICE RIGHTNOW
As a community bank that uses service as a selling point, After an in-depth search process for the best solution
TD Banknorth Inc., a leading banking and financial services provider, TD Banknorth whittled the list of candidates down
company headquartered in Portland, Maine, and a majority- to three finalists. At this point TD Banknorth began looking
owned subsidiary of TD Bank Financial Group with banking more closely at specific features and functionality and
divisions in eight Northeastern states, was not satisfied with applying a weighted scorecard to appropriately compare the
a 90 percent response rate within 24 hours to its customer respective solutions. TD Banknorth evaluated everything from
e-mails. So, it decided to overhaul its online customer ser- incident management tools and knowledge base search func-
vice system to improve its record. tions to ease of customization and management. At the end
With the help of RightNow’s on-demand solutions and of the day, RightNow was the clear choice. It turned out to be
professional services, TD Banknorth increased its response rate the right decision, and TD Banknorth succeeded in addressing
to an impressive 97 percent for nonconfidential e-mails within its customer service concerns on all counts with the help of
24 hours and more than 50 percent within just .6 hours after RightNow’s on demand solutions and professional services.
receipt. The company also found that making information Part way through the project, the bank consolidated its
easier to find on its Web site lowered e-mail volume by six regional holdings into a single brand, which required a
55 percent, to about 35 messages a day. Mark Ellis, Senior Vice parallel consolidation of the corporate Web site. This pushed
President of eCommerce at TD Banknorth, credits the decline the target implementation date out but created another
to the new customer resource center, which provides Web site opportunity. A soft launch was introduced into the plan,
visitors information more efficiently by integrating e-mail and which allowed TD Banknorth to comprehensively test and
Internet capabilities. This lower volume has freed service rep- refine the knowledge base content prior to the go-live date.
resentatives to handle other duties, such as answering phones Despite the scope and complexity of the system TD
and handling secure e-mails. Banknorth required, RightNow was able to go live in just
In 2004, when the company, then called Banknorth 90 days. In 2006, when TD Banknorth bought Hudson United
Group Inc., set out to upgrade its online customer service, Bancorp of Mahwah, New Jersey, for $1.9 billion. Hudson
its aim was to provide information fast enough that cus- United’s customers also started using the new site. Having
tomers would not have to send e-mails or make phone calls. RightNow host the knowledge base allowed for a quick
The company saw an opportunity to improve e-mail service 90-day rollout.
levels and provide customers with easily accessible answers Although responsiveness generally is not a make-or-break
to their banking questions. TD Banknorth also sought to issue, unlike onerous fees or failure to post a deposit, some-
improve the efficiency of its service operations across the times a bad experience—for example, an unanswered e-mail—
board, maintain cost control, and accomplish all this while can cost a bank a customer. “RightNow has improved our
its technology resources supported an aggressive acquisition response times and enabled us to support the bank’s growth
strategy. To optimize the online self-service facilities it without driving up our overhead,” declares Ellis. “Our return-
planned to provide to its customers, TD Banknorth decided on-investment is definitely going to be well beyond our initial
on a true knowledge base system that recognizes natural projections.”
language rather than the hodgepodge of quotation marks
and connectors that Web portals such as Google and Yahoo! Sources: Compiled from Duvall (2006) and RightNow Technologies
expect. For example, it wanted its customers to be able to Inc. (2007).
simply type, “How can I reset my online banking password?”
or enter a few keywords from that phrase so that the answer
appears courtesy of the FAQ mechanism. If TD Banknorth
Questions
customers failed to find satisfactory answers, they 1. Do you agree that RightNow was the best choice for TD
could alternatively e-mail the bank. They also wanted the Banknorth? Why or Why not?
knowledge-base tool to allow contact-center representatives 2. Why is the bank’s customer service record so important
to tweak the technology. For example, drawing on their to TD Banknorth?
interactions with customers, the reps could propose
3. What roles does Web Services play at TD Banknorth?
question-and-answer pairs for the knowledge base.
The results obtained from step 2 are routed to the strategic planning level (e.g., to a
steering committee). Based on the results of step 2, the application portfolio may be changed.
For example, the steering committee may discourage or scale down the specific project
because it is too risky. Once the architecture is determined and the project gets final approval,
a decision about how to develop the specific EC application must be made and a develop-
ment option chosen.
9. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-9
EXHIBIT 19.2 The EC Applications Development Process
Project Identification, Justification, and Planning (Step 1)
IT as enabler Identify EC projects
From business goals to information needs Justify EC investments
System-required functionalities
Need to solve problems
EC Architecture (Step 2)
Business
process Information architecture Technical architecture EC
restructuring, Data architecture Organization architecture Infrastructure
redesign Application architecture Feasibility
Development (Acquisition) Options (Step 3) Management
Build How, which methodology Vendor management
Project management
Buy What, from whom Evaluation
Business Lease What, from whom
Partners
Partner Which partner, how to partner
Join an exchange, Business
marketplace Which one (ones)
Partners
Testing, Installation, and Integration (Step 4)
Business Testing, installation, integration, training, security,
Partners conversation, deployment, etc.
Operations, Maintenance, and Updating (Step 5)
Operations
Maintenance and updating
Replacement
STEP 3: SELECTING A DEVELOPMENT OPTION
EC applications can be developed through several alternative approaches that will be dis-
cussed in detail in Section 19.3. The major options are:
◗ Build the system in-house.
◗ Have a vendor build a customized system.
◗ Buy an existing application and install it, with or without modifications, by yourself or
through a vendor.
◗ Lease standard software from an application service provider (ASP), lease as a service
(SaaS), or lease via utility computing.
◗ Enter into a partnership or alliance that will enable the company to use someone else’s
application.
◗ Join a third-party e-marketplace, such as an auction site, a bidding (reverse auction) site,
or an exchange, that provides needed capabilities to participants (e.g., Yahoo! Store).
◗ Use a combination of approaches.
The criteria for selecting from among the various options are presented in Section 19.4.
Once an option is chosen, the system can be developed. At the end of this step, an applica-
tion is ready to be installed and made available. No matter what option is chosen, there is a
strong possibility that the firm will work with vendor(s) and/or software provider(s). In this
case, the firm will need to manage its vendor relationships (see Section 19.8).
10. 19-10 Part 7: Application Development
STEP 4: INSTALLING, TESTING, INTEGRATION,
AND DEPLOYING EC APPLICATIONS
Once a system has been developed, the next step involves getting the application up and run-
ning in the selected hardware and network environment. One of the steps in installing an
application is connecting it to back-end databases, to other applications, and often to other
Web sites. For example, if a prospective customer orders a product from a site, it would be
helpful if the site could determine if the product is in stock. To do this, the ordering system
would need to be connected to the inventory system. Details of the connection process are
supplied in Section 19.6. This step can be done in-house or outsourced.
At this point, the modules that have been installed need to be tested. Sommerville
(2004) recommends a series of different tests:
unit testing ◗ Unit testing. Test each module one at a time.
Testing application ◗ Integration testing. Test the combination of modules acting in concert.
software modules one ◗ Usability testing. Test the quality of the user’s experience when interacting with the site.
at a time.
◗ Acceptance testing. Determine whether the site meets the firm’s original business
integration testing objectives and vision.
Testing the combination
of application modules Once all the Web site applications pass all of the tests, they can be made available to the
acting in concert. end users. At this stage, issues such as conversion strategies, training, and resistance to
change may need to be addressed.
usability testing
Testing the quality of
the user’s experience
STEP 5: OPERATIONS, MAINTENANCE, AND UPDATING
when interacting with It usually takes as much time, effort, and money to operate and maintain a site as it does to
a Web site. build and install it in the first place. To enjoy continual usage, a site needs to be updated con-
tinually. For example, at a B2C site new products need to be added to the catalog, prices need
acceptance testing to be changed, and new promotions need to be run. These changes and updates need to
Determining whether undergo the same testing procedures used during the installation process. Additionally, usage
a Web site meets the patterns and performance need to be studied to determine which parts of the underlying
original business applications should be modified or eliminated from the site. See Reynolds (2004) for more
objectives and vision. about the operation and maintenance of an EC site.
MANAGING THE DEVELOPMENT PROCESS
The development process can be fairly complex and must be managed properly (Xia and Lee
2004). For medium-to-large applications, a project team is usually created to manage the
process and the vendors. Collaboration with business partners also is critical. As shown in
various chapters of this book, some e-business failures are the result of a lack of cooperation
by business partners. For example, a firm can install a superb e-procurement system, but if
their vendors will not use it properly the system will collapse. Projects can be managed with
project management software (see examples of various project management software at
office.microsoft.com/project and primavera.com). Best practice management also includes
periodic evaluations of system performance. Standard project management techniques and
tools are useful for this task. For a review of project management techniques, see Schwalbe
(2006). Finally, do not rule out the possibility that implementing an EC project may require
restructuring one or more business processes. See Kanter and Walsh (2004) for further
discussion of this topic.
Section 19.2 ◗ REVIEW QUESTIONS
1. Go to the Web site of the developers of each of your five favorite Web sites (chosen
in answer to Section 19.1, Review Question #1). What expertise do they profess to
have? What projects have they completed? Would you feel comfortable hiring their
services?
2. List the major steps in developing an EC application.
3. Define the various types of testing used during the EC development process.
11. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-11
19.3 DEVELOPMENT OPTIONS FOR E-COMMERCE
APPLICATIONS
If the desired Web site is relatively simple, a firm may decide to build the Web site itself.
However, the firm must ask a few questions: Is the firm capable of developing the site?
Does the firm have access to the proper tools to create the pages? If the firm does not
have these capabilities, it is usually best to turn over the task to a professional developer.
The ideal developer is one who can design a site with the correct look and feel, who
has an in-depth knowledge of search engine optimization, and who is able to correctly
handle any complex coding that may be required. Resources on building a Web site
are available at Internet Marketing Singapore (internetmarketingsingapore.com), Sell IT!
(sellitontheweb.com/ezine/help.shtml), and the Microsoft Small Business Center
(microsoft.com/smallbusiness/resources/technology/ecommerce/5_common_e_commerc
e_site_mistakes.mspx). A useful site for finding an experienced Web site designer is
Supplier-Match.com (supplier-match.com/categories/e-commerce_services.jsp).
Regardless of the complexity of the site, three basic options for developing an EC Web
site are available: (1) develop the site in-house, either from scratch or with off-the-shelf com-
ponents; (2) buy a packaged application designed for a particular type of EC site; or (3) lease
the application from a third party. Each of these approaches has its benefits and limitations.
IN-HOUSE DEVELOPMENT: INSOURCING
The first generation of EC development was accomplished largely through proprietary pro-
gramming and in-house development (see Zhao et al. 1998). Using this approach, the Internet
browser serves as the development platform. The programmers write EC systems using a
combination of HTML and script languages such as HTX, CGI, IDC, and JavaScript.
Databases developed on top of a database management system (DBMS) usually serve as the
information repository to store EC data. Although this first generation of EC development
has built up valuable experience and achieved industrial momentum, the lack of reusability reusability
(i.e., the likelihood a segment of source code can be used again to add new functionalities with The likelihood a segment
slight or no modification) in current EC applications and the lack of interoperability (i.e., the of source code can be
ability to connect people, data and diverse systems, standards) created a great barrier to wide- used again to add new
spread application of EC. functionalities with slight
Although in-house development—insourcing—can be time consuming and costly, it or no modification.
may lead to EC applications that better fit an organization’s strategy and vision and differen-
interoperability
tiate it from the competition. Companies that have the resources to develop their e-business
Connecting people, data,
application in-house may follow this approach in order to differentiate themselves from the
and diverse systems. The
competition, which may be using standard applications that can be bought or leased. The
term can be defined in a
in-house development of EC applications, however, is a challenging task, because most
technical way or in a
applications are novel, have users from outside the organization, and involve multiple organi-
broad way, taking into
zations. Shurville and Williams (2005) demonstrate how a combination of hard and soft
account social, political,
project and change management methodologies guided successful in-house development of a
and organizational factors.
campuswide information system.
insourcing
Development Options In-house development
Developers have three major options for developing an application: of applications.
◗ Build from scratch. This option is used rarely. It should be considered only for special-
ized applications for which components are not available. It is expensive and slow, but it
may provide the best fit.
◗ Build from components. The required applications are often constructed from stan-
dard components (e.g., Web servers such as Apache or Microsoft’s IIS) using Web
scripting languages, such as PHP, Microsoft’s Active Server Pages (ASP), JavaServer
Pages ( JSP), or ColdFusion. These scripting languages make it easier to integrate
application functionality with back-end databases and other back-office systems
(e.g., order entry). For a methodology of evaluating component-based systems, see
Dahanayake et al. (2003).
12. 19-12 Part 7: Application Development
◗ Enterprise application integration. The enterprise application integration (EAI)
option is similar to the build from components option, but instead of using components,
an entire application is employed. This is an especially attractive option when applica-
tions from several business partners need to be integrated.
Insourcing is a challenging task that requires specialized IT resources. For this reason,
most organizations usually rely on packaged applications or completely outsource the devel-
opment and maintenance of their EC sites.
BUY THE APPLICATIONS
A number of commercial packages provide standard features required by EC applications.
turnkey approach These packages are ready to turn on and operate. This option is also known as a turnkey
Ready to use without approach; the package is ready to use without further assembly or testing.
further assembly or test- The turnkey approach involves buying a commercial package, installing it as is, and
ing; supplied in a state starting it up. Buying a commercial package requires much less time and money than in-
that is ready to turn on house development. When selecting a particular package, the package should not only satisfy
and operate. current needs, it must also be flexible enough to handle future ones; otherwise the package
may quickly become obsolete. Additionally, because one package can rarely meet all of an
organization’s requirements, it is sometimes necessary to acquire multiple packages. In this
case, the packages need to be integrated with each other and with other software and data.
This option has several major advantages:
◗ Many different types of off-the-shelf software packages are available.
◗ It saves time and money (compared to in-house development).
◗ The company need not hire programmers specifically dedicated to an EC project.
◗ The company knows what it is getting before it invests in the product.
◗ The company is neither the first nor the only user.
◗ The price is usually much lower than the in-house option.
◗ The vendor updates the software frequently.
This option also has some major disadvantages:
◗ Software may not exactly meet the company’s needs.
◗ Software may be difficult or impossible to modify, or it may require huge process changes.
◗ The company may experience loss of control over improvements and new versions.
◗ Off-the-shelf applications can be difficult to integrate with existing systems.
◗ Vendors may drop a product or go out of business.
See softwaresearch.us/search.aspx?keywords=E+commerce+turnkey for a directory of
vendors of EC turnkey systems. The buy option is especially attractive if the software
vendor allows for modifications. However, the option may not be as attractive in cases of
high obsolescence rates or high software cost. In such cases, leasing may be a more
appealing option.
OUTSOURCING/LEASING EC APPLICATIONS
The use of outside contractors or external organizations (often software vendors) to acquire
outsourcing EC applications is called outsourcing. It is a method of transferring the management and/or
A method of transferring day-to-day execution of an entire business function to a third-party service provider.
the management and/or Outsourcing is a valuable option that more and more companies are using. In many cases,
day-to-day execution of systems need to be built quickly, and the special expertise of outside contractors and software
an entire business func- vendors is necessary.
tion to a third-party Large companies may choose outsourcing when they want to experiment with new EC
service provider. technologies without a great deal of up-front investment. Outsourcing also allows large firms
to protect their internal networks and to gain expert advice. Small firms with limited IT
expertise and tight budgets also find outsourcing advantageous.
Outsourcers can perform any or all tasks in EC applications development. For example,
they can plan, program, and build applications and integrate, operate, and maintain them. It
is useful for firms to develop good relationships with outsourcers (see Kishore et al. 2003).
13. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-13
Several types of vendors offer services for creating and operating EC applications:
◗ Software houses. Many software companies, from IBM to Oracle, offer a range of
outsourcing services for developing, operating, and maintaining EC applications.
◗ Outsourcers and others. IT outsourcers, such as EDS, offer a variety of services. Also,
the large CPA companies and management consultants (e.g., Accenture) offer some
outsourcing services.
◗ Telecommunications companies. Increasingly, the large telecommunications compa-
nies are expanding their hosting services to include the full range of IT and EC solu-
tions. MCI, for example, offers Web Commerce services for a monthly fee.
Although the trend to outsource is rising, so is the trend to conduct outsourcing offshore—
mainly in India and China. This approach is not without risks. For example, although
outsourcing offshore may lead to substantial dollar savings, offshore labor skills may be inferior
to those found onshore, and the resultant quality of the Web site development may be unac-
ceptable. For more discussion about the drivers, effects, and risks of outsourcing, see Dutta and
Roy (2005), Aron et al. (2005), and Overby (2003).
To accommodate the increasingly popular move to EC development by vendors, a less
risky outsourcing option known as software on demand has emerged as a development
method. Initially, this leasing option was provided through utility computing, then through
ASPs, and more recently, through firms that provide software as a service (SaaS). Large and
small firms alike will often choose the lease option to experiment with new software before
making a large up-front investment or as an ongoing method of acquiring and supporting
EC software. Another benefit is that it enables firms to protect their internal networks.
Through leasing, new entrants into e-business (usually smaller firms) are able to establish a
market presence in a much shorter period of time. Each of these alternative sources of soft-
ware acquisition is discussed in the following sections
UTILITY COMPUTING
Utility computing is a business model whereby computer resources are provided on an utility (on-demand)
on-demand and pay-per-use basis. This contrasts sharply with the traditional SDLC model computing
of purchasing physical systems, configuring them, and devoting them to one application for Unlimited computing
their useful life. With utility computing, customers do not own the expensive computer power and storage capac-
resources but are billed only for their actual use of the resources. Because the utility comput- ity that can be used
ing provider can spread customers’ variance in resource needs, resource utilization can be and reallocated for any
optimized. Because the utility computing service is based on usage, computing resources are application—and billed
metered and the user charged on that basis. This is comparable to the use of electricity, gas, on a pay-per-use basis.
and most other utilities; hence the name utility computing. Utility computing is sometimes
also called on demand computing.
Utility computing has a long history. It was first described by John McCarthy in 1961 at
the MIT Centennial (en.wikipedia.org/wiki/Utility_computing):
If computers of the kind I have advocated become the computers of the future, then comput-
ing may someday be organized as a public utility just as the telephone system is a public
utility . . . The computer utility could become the basis of a new and important industry.
HP was the original leader of the utility computing concept, recognizing that computing
power and resources can be delivered as a service, flowing on demand as and where needed.
Subsequently, IBM offered this type of flexible delivery of computing power and database
storage to big banks from its worldwide data centers. In 2000, Sun offered utility computing
to consumers through its Sun Grid service. HP introduced the Utility Data Center in 2001.
Since 2000, many companies have entered the utility computing market. Some of these orga-
nizations use utility computing to help offset hardware costs, others use it to share the cost of
resources within organizations. In December 2005, Alexa launched Alexa Web Search
Platform, a Web search building tool, for which the underlying power is utility computing;
Alexa charges users for storage, utilization, and so on. SoftLayer Technologies is continuing
to develop utility services aimed at meeting the needs of the emerging Web 2.0 market.
Lance Crosby, President and Chief Executive Officer at SoftLayer said, “As a company, we
recognize the importance of IT scalability. With the needs of businesses changing as rapidly
14. 19-14 Part 7: Application Development
as the technology that powers them, we understand that the ability to expand on demand is
paramount” (Utilitycomputing.com 2006).
As shown in Exhibit 19.3, the utility-computing value proposition consists of three layers
of tools and two types of value-added services. Each tool must be seamlessly integrated to cre-
ate a comprehensive solution but will usually be implemented separately. These three tools are:
policy-based service- ◗ Policy-based service-level-management tools coordinate, monitor, and report on the ways
level-management tools in which multiple infrastructure components come together to deliver a business service.
Coordinate, monitor, and ◗ Policy-based resource-management tools coordinate, monitor, and report on the ways
report on the ways in in which multiple infrastructure components come together to deliver a business service.
which multiple infra- They automate and standardize all types of IT management best practices, from initial
structure components configuration to ongoing fault management and asset tracking.
come together to deliver ◗ Virtualization tools enable server, storage, and network resources to be deployed and
a business service. managed as giant pools and seamlessly changed as needs change.
policy-based resource- These tools share multisourcing delivery and financing services (left side of Exhibit 19.3)
management tools and provide for customer access and management services (right side of Exhibit 19.3).
Automate and standardize
all types of IT manage-
ment best practices, from APPLICATION SERVICE PROVIDERS (ASP)
initial configuration to An application service provider (ASP) manages application servers in a centrally controlled
ongoing fault manage- location rather than on a customer’s site. Applications are then accessed via the Internet or
ment and asset tracking. VANs through a standard Web browser interface. Such an arrangement provides a full range of
services for the company using the ASP: Applications can be scaled, upgrades and maintenance
application service
can be centralized, physical security over the applications and servers can be guaranteed; and
provider (ASP)
the necessary critical mass of human resources can be efficiently utilized. The determinants of
A company that provides
ASP adoption as an innovation are discussed by Daylami et al. (2005).
business applications
The end user businesses pay a licensing fee. Monthly fees are separate and are paid to the
to users for a small
maker of the software and to the ASP “host” of the software. In general, these fees include
monthly fee.
payment for the application software, hardware, service and support, maintenance, and
upgrades. The fee can be fixed or may be based on utilization.
Leasing from an ASP is a particularly desirable option for SMEs, for which in-house
development and operation of IT applications can be time consuming and expensive.
Leasing from ASPs saves various expenses (e.g., labor costs) in the initial development stage.
It also helps reduce software maintenance, upgrading, and user training costs in the long run.
A company can select other software products from the same ASP to meet its changing
needs and does not have to invest further in upgrading the existing one. Thus, overall busi-
ness competitiveness can be strengthened through reducing time-to-market and enhancing
the firm’s ability to adapt to changing market conditions. ASPs are particularly effective for
IT applications for which timing, flexibility, and agility are crucial.
EXHIBIT 19.3 The Five Elements of a Successful
Utility-Computing Value Proposition
Policy-Based Service-Level-Management Tools
and Management Services
Multisourcing Delivery
and Financing Services
Business-based and
eventually, ROI-based management
Customer Access
Policy-Based Resource-Management Tools
Fault, performance,
operations management, etc.
Virtualized Infrastructures
Virtualized servers, storage
and networks, and dynamic provisioning
Source: Kucharvy, T. The Five Rules for Jump-Starting the Utility-Computing Market. Boston, MA: Summit
Strategies, Inc., January 2003.
16. 19-16 Part 7: Application Development
EXHIBIT 19.5 List of SaaS Vendors
and Applications
• Business Objects (Crystal Reports) (business intelligence)
• CollabNet (collaboration)
• Google (Google Maps, Google Docs, Google Spreadsheets, JotSpot)
• NetSuite (for small firms)
• Oracle (PeopleSoft on Demand; E-Business Suite on Demand)
• Replicon (Timesheets)
• RightNow Technologies (CRM and Customer Experience)
• Salesforce.com (CRM)
• SPS Commerce (EDI for retailers, distributors, manufacturers)
• WebEx (Web conferencing, video conferencing)
• YouSendIt (Web-based file hosting; large e-mail attachments)
shift is Google (Beer 2006). Exhibit 19.5 lists software developers who are now offering
some of their products as SaaSs and the diverse applications they address.
To engage in SaaS, the user pays the software provider for the user’s actual usage or a
fixed monthly/quarterly/annual fee instead of the one-time large fee plus support, as with the
traditional software licensing model. SaaS is particularly advantageous when a company
wants to experiment with a package before making a heavy up-front investment. This solu-
tion also enables a firm to protect its internal networks and quickly establish a presence in the
market. With SaaS, software can be delivered to any market segment, including home office
users, small businesses, medium and large businesses. It can result in substantial cost and time
savings. Although SaaS is useful to any size company, it is particularly appealing for SMEs,
who often have limited IT resources and tight budgets.
SaaS allows organizations to access business functionality from a central location over
the Web at a cost typically less than that for licensed applications because SaaS pricing is
based on a monthly fee. Also, because the software is hosted remotely, users do not need to
invest in additional hardware or software support. SaaS removes the need for organizations
to handle installation, set up, and daily upkeep and maintenance. SaaS may also be referred to
as hosted applications.
An important factor in the shift to SaaS is the need to integrate or combine software
components. According to some ( Jakovljevic 2006), SaaS at its most sophisticated must be
delivered using a service-oriented architecture (SOA) with Web Services.
RISE OF WEB SERVICES AND SERVICE-ORIENTED ARCHITECTURE
Interrelated technologies that can greatly facilitate the development of complex EC applications
are Web Services and service-oriented architecture (SOA).
Except in the simplest of cases, EC sites require the integration of software applications
written in different programming languages and residing on different computer hardware
distributed across the Internet. For example, on many B2C sites order entry is handled by one
software application or module, payment authorization by another application or module, and
shipping by yet another application or module. In these cases, there is a good chance that the
order entry, payment authorization, and shipping software modules all reside on separate
application servers linked through a Web server. Even when packaged applications are used, a
substantial amount of the implementation effort revolves around the task of tying together
these disparate applications or modules in such a way that the underlying connections are
transparent to the end users.
Existing technologies make integration a difficult task for a number of reasons (Tabor
2002; Erl 2004):
◗ Platform-specific objects. Existing EC software applications consist of a series of soft-
ware objects. Software objects have properties (attributes) and methods (actions that can be
performed on or by the object). For example, an order-entry application might have an
“order” object that has a property specifying the “quantity” being ordered and a method
called “set” that allows the quantity to be updated. In a distributed application, such as an
17. Chapter Nineteen: Building E-Commerce Applications and Infrastructure 19-17
EC storefront, the application objects residing on different computers must have a way
to communicate with one another across the network.
Two main technologies are available for accomplishing this task: Microsoft’s
Distributed Component Object Model (DCOM) for Microsoft’s Windows operating sys-
tems and the Object Management Group’s (OMG) Common Object Request Broker
Architecture (CORBA) for Unix-based systems. The problem is that there is limited inter-
operability between these two technologies. If one component or application is based on
DCOM and another component or application is based on CORBA, then they cannot
communicate easily with one another. Special software called a DCOM/CORBA bridge
must be used to accomplish the task.
◗ Dynamic environment. In today’s rapidly changing business environment, business
partners come and go, and so do software vendors and their applications. If a software
component or application is no longer available because the vendor is no longer in busi-
ness or has dropped a particular product line, then an existing EC application has to be
flexible enough to substitute a new component or application for the old one. If a new
business partner requires additional functionality, then an existing EC application has to
be flexible enough to incorporate new features, functions, or applications. Again, existing
EC application architectures make it difficult to accommodate these types of changes.
◗ Security barriers. Companies use firewalls to protect their networks against security
risks. Firewalls are designed to limit the types of communications and requests that can
be made from one computer to another. In most cases, only the simplest sorts of Web
requests using standard communication protocols (such as HTTP) are allowed. This
makes it very difficult for one component or application residing on one computer to
communicate with another component or application residing on another computer.
For these reasons, there is a need for universal standards, and this is where Web Services,
XML, and service-oriented architecture enter the picture.
THE ROLES OF XML AND WEB SERVICES
What is required to address these problems is a technology that can be integrated across dif-
ferent hardware and operating systems, that can interface with both new and legacy systems,
and that minimizes network security risks. This is where Web Services come into play.
According to the World Wide Web Consortium (W3C), a Web Service is a software system Web Service
identified by a URI (uniform resource indicator) whose public interfaces and bindings can be A software system identi-
defined and described using XML. fied by a URI (uniform
As the definition indicates, Web Services are based on XML (see Online Appendix B). resource indicator),
The operations (or methods) that a Web Service can perform are “defined and described” whose public interfaces
using XML. Likewise, when another program or application wants to invoke the operations and bindings are defined
or methods of a Web Service, the request is sent as an XML message. An XML document or and described using XML.
message is a text file with a set of tags and content (or values). The tags within an XML
document (denoted by “ ”) describe the content. For instance, the following XML document
might be used to represent an order placed by a customer for a digital camera:
<ORDER>
<ORDER_ID>123</ORDER_ID>
<ORDER_ITEM>Digital Camera ABC</ORDER_ITEM>
<ORDER_QUANTITY>1</ORDER_QUANTITY>
</ORDER>
Because XML messages are text based, they can be sent over the Web using standard
Web communication protocols (e.g., HTTP). This makes it easy for programs or applications
written in different program languages and running on different hardware to interoperate. It
also means that the messages sent from one program or application to another can pass easily
through firewalls.
WEB SERVICES
Web Services are self-contained, self-describing business and consumer modular applica-
tions, delivered over the Internet that users can select and combine through almost any
device, ranging from personal computers to mobile phones. By using a set of shared protocols
18. 19-18 Part 7: Application Development
and standards, these applications permit disparate systems to “talk” with one another—that
is, to share data and services—without requiring people to translate the conversation. The
result promises to provide on-the-fly and in-real-time links among the online processes of
different systems and companies. These links could shrink corporate IT departments, foster
new interactions among businesses, and create a more user-friendly Web for consumers. Web
Services provide for inexpensive and rapid solutions for application integration, access to
information, and application development. Web Services can be extremely useful for EC,
especially B2B structures.
Key Technologies in Web Services
In addition to XML, three other technologies are also instrumental in providing Web
Services (for examples, see Iverson 2004 and Birman 2005). These include:
Simple Object Access ◗ Simple Object Access Protocol (SOAP). SOAP is the most frequently used protocol or
Protocol (SOAP) message framework for exchanging XML data across the Internet. A SOAP message,
Protocol or message which is written as XML, consists of three parts: an envelope, an optional header, and a
framework for exchang- body. The envelope encapsulates the message; the header provides optional information
ing XML data across the about the message; and the body is the XML data being exchanged. For example, the
Internet. following SOAP message might be used to request the number of items in inventory
available for purchase:
<SOAP-ENV: Envelope>
<SOAP-ENV:Body>
<s:getInventoryQuantity>
<item>Digital Camera ABC</item>
</s:getInventoryQuantity>
</SOAP-ENV:Body>
</SOAP-ENV: Envelope>
When a program wants to invoke a process or method performed by a specific Web
Service (e.g., getInventoryQuantity in the example), it simply sends a SOAP message to
the service over the Web. In turn, the Web Service sends a SOAP message in response.
Web Services ◗ Web Services Description Language (WSDL). WSDL is an XML document that defines
Description Language the programmatic interface for a Web Service. The document specifies the operations
(WSDL) or methods that the Web Service can perform, along with the parameters that the service
An XML document that needs to carry out the operations and the values that the service will return in response to a
defines the program- particular request.
matic interface— ◗ Universal Description, Discovery, and Integration (UDDI). UDDI is a general busi-
operations, methods, ness registry that originally was used as a way for the participants in a B2B exchange to
and parameters—for share information about their business and business processes (Deitel et al. 2003). More
Web Services. recently, UDDI has been used as an XML framework for businesses to publish and find
Web Services online. The Web Service entries in a UDDI typically point to the Web
Universal Description,
address (URL) of the WSDL file associated with the Web Service.
Discovery, and
Integration (UDDI) ◗ Security protocols. A security protocol is a communication protocol that encrypts and
An XML framework for decrypts a message for online transmission; security protocols generally provide authen-
businesses to publish tication. Several security standards are in development, including Security Assertion
and find Web Services Markup Language (SAML), which is a standard for authentication and authorization.
online. Other security standards are XML signature, XML encryption, XKMS, and XACML.
Exhibit 19.6 describes the interaction of the key components in a Web Service. Web
security protocol
Services are based on XML, as detailed in Online Appendix B.
A communication protocol
that encrypts and decrypts
a message for online Web Services Platforms
transmission; security A number of the major hardware and software vendors have created software development
protocols generally provide environments that help programmers create and deploy Web Services. The development
authentication. environments provided by three of the leaders in this arena—Microsoft, IBM, and Sun—are
described briefly here. For a more extensive list of Web Services platforms, see Newcomer
and Lomow (2005).